Details:

This CLD covers the following CVE IDs:
CVE-2017-14054 (https://nvd.nist.gov/vuln/detail/CVE-2017-14054)
CVE-2017-14055 (https://nvd.nist.gov/vuln/detail/CVE-2017-14055)
CVE-2017-14056 (https://nvd.nist.gov/vuln/detail/CVE-2017-14056)
CVE-2017-14057 (https://nvd.nist.gov/vuln/detail/CVE-2017-14057)
CVE-2017-14058 (https://nvd.nist.gov/vuln/detail/CVE-2017-14058)
CVE-2017-14059 (https://nvd.nist.gov/vuln/detail/CVE-2017-14059)
CVE-2017-14169 (https://nvd.nist.gov/vuln/detail/CVE-2017-14169)
CVE-2017-14170 (https://nvd.nist.gov/vuln/detail/CVE-2017-14170)
CVE-2017-14171 (https://nvd.nist.gov/vuln/detail/CVE-2017-14171)
CVE-2017-14222 (https://nvd.nist.gov/vuln/detail/CVE-2017-14222)
CVE-2017-14223 (https://nvd.nist.gov/vuln/detail/CVE-2017-14223)
CVE-2017-14225 (https://nvd.nist.gov/vuln/detail/CVE-2017-14225)
All of these have been fixed upstream in ffmpeg 3.3.4, so the Arch Linux
security team says (https://security.archlinux.org/AVG-400). This has been
confirmed by the ffmpeg developers at https://ffmpeg.org/security.html.
Unfortunately, the upstream developers have released no details about the
technical workings of these vulnerabilities, so it is not possible for us to
disclose any more information than this at this time.